Loading...
1// SPDX-License-Identifier: GPL-2.0
2
3/* NOTE: we really do want to use the kernel headers here */
4#define __EXPORTED_HEADERS__
5
6#include <stdio.h>
7#include <stdlib.h>
8#include <unistd.h>
9#include <string.h>
10#include <errno.h>
11#include <ctype.h>
12#include <sys/socket.h>
13
14struct security_class_mapping {
15 const char *name;
16 const char *perms[sizeof(unsigned) * 8 + 1];
17};
18
19#include "classmap.h"
20#include "initial_sid_to_string.h"
21
22#define max(x, y) (((int)(x) > (int)(y)) ? x : y)
23
24const char *progname;
25
26static void usage(void)
27{
28 printf("usage: %s flask.h av_permissions.h\n", progname);
29 exit(1);
30}
31
32static char *stoupperx(const char *s)
33{
34 char *s2 = strdup(s);
35 char *p;
36
37 if (!s2) {
38 fprintf(stderr, "%s: out of memory\n", progname);
39 exit(3);
40 }
41
42 for (p = s2; *p; p++)
43 *p = toupper(*p);
44 return s2;
45}
46
47int main(int argc, char *argv[])
48{
49 int i, j, k;
50 int isids_len;
51 FILE *fout;
52 const char *needle = "SOCKET";
53 char *substr;
54
55 progname = argv[0];
56
57 if (argc < 3)
58 usage();
59
60 fout = fopen(argv[1], "w");
61 if (!fout) {
62 fprintf(stderr, "Could not open %s for writing: %s\n",
63 argv[1], strerror(errno));
64 exit(2);
65 }
66
67 for (i = 0; secclass_map[i].name; i++) {
68 struct security_class_mapping *map = &secclass_map[i];
69 map->name = stoupperx(map->name);
70 for (j = 0; map->perms[j]; j++)
71 map->perms[j] = stoupperx(map->perms[j]);
72 }
73
74 isids_len = sizeof(initial_sid_to_string) / sizeof (char *);
75 for (i = 1; i < isids_len; i++)
76 initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);
77
78 fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
79 fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
80
81 for (i = 0; secclass_map[i].name; i++) {
82 struct security_class_mapping *map = &secclass_map[i];
83 fprintf(fout, "#define SECCLASS_%s", map->name);
84 for (j = 0; j < max(1, 40 - strlen(map->name)); j++)
85 fprintf(fout, " ");
86 fprintf(fout, "%2d\n", i+1);
87 }
88
89 fprintf(fout, "\n");
90
91 for (i = 1; i < isids_len; i++) {
92 const char *s = initial_sid_to_string[i];
93 fprintf(fout, "#define SECINITSID_%s", s);
94 for (j = 0; j < max(1, 40 - strlen(s)); j++)
95 fprintf(fout, " ");
96 fprintf(fout, "%2d\n", i);
97 }
98 fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
99 fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
100 fprintf(fout, "{\n");
101 fprintf(fout, "\tbool sock = false;\n\n");
102 fprintf(fout, "\tswitch (kern_tclass) {\n");
103 for (i = 0; secclass_map[i].name; i++) {
104 struct security_class_mapping *map = &secclass_map[i];
105 substr = strstr(map->name, needle);
106 if (substr && strcmp(substr, needle) == 0)
107 fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
108 }
109 fprintf(fout, "\t\tsock = true;\n");
110 fprintf(fout, "\t\tbreak;\n");
111 fprintf(fout, "\tdefault:\n");
112 fprintf(fout, "\t\tbreak;\n");
113 fprintf(fout, "\t}\n\n");
114 fprintf(fout, "\treturn sock;\n");
115 fprintf(fout, "}\n");
116
117 fprintf(fout, "\n#endif\n");
118 fclose(fout);
119
120 fout = fopen(argv[2], "w");
121 if (!fout) {
122 fprintf(stderr, "Could not open %s for writing: %s\n",
123 argv[2], strerror(errno));
124 exit(4);
125 }
126
127 fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
128 fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");
129
130 for (i = 0; secclass_map[i].name; i++) {
131 struct security_class_mapping *map = &secclass_map[i];
132 for (j = 0; map->perms[j]; j++) {
133 if (j >= 32) {
134 fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
135 map->name, map->perms[j]);
136 exit(5);
137 }
138 fprintf(fout, "#define %s__%s", map->name,
139 map->perms[j]);
140 for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
141 fprintf(fout, " ");
142 fprintf(fout, "0x%08xU\n", (1<<j));
143 }
144 }
145
146 fprintf(fout, "\n#endif\n");
147 fclose(fout);
148 exit(0);
149}
1// SPDX-License-Identifier: GPL-2.0
2
3/* NOTE: we really do want to use the kernel headers here */
4#define __EXPORTED_HEADERS__
5
6#include <stdio.h>
7#include <stdlib.h>
8#include <unistd.h>
9#include <string.h>
10#include <errno.h>
11#include <ctype.h>
12
13struct security_class_mapping {
14 const char *name;
15 const char *perms[sizeof(unsigned) * 8 + 1];
16};
17
18#include "classmap.h"
19#include "initial_sid_to_string.h"
20
21const char *progname;
22
23static void usage(void)
24{
25 printf("usage: %s flask.h av_permissions.h\n", progname);
26 exit(1);
27}
28
29static char *stoupperx(const char *s)
30{
31 char *s2 = strdup(s);
32 char *p;
33
34 if (!s2) {
35 fprintf(stderr, "%s: out of memory\n", progname);
36 exit(3);
37 }
38
39 for (p = s2; *p; p++)
40 *p = toupper(*p);
41 return s2;
42}
43
44int main(int argc, char *argv[])
45{
46 int i, j;
47 int isids_len;
48 FILE *fout;
49
50 progname = argv[0];
51
52 if (argc < 3)
53 usage();
54
55 fout = fopen(argv[1], "w");
56 if (!fout) {
57 fprintf(stderr, "Could not open %s for writing: %s\n",
58 argv[1], strerror(errno));
59 exit(2);
60 }
61
62 for (i = 0; secclass_map[i].name; i++) {
63 struct security_class_mapping *map = &secclass_map[i];
64 map->name = stoupperx(map->name);
65 for (j = 0; map->perms[j]; j++)
66 map->perms[j] = stoupperx(map->perms[j]);
67 }
68
69 isids_len = sizeof(initial_sid_to_string) / sizeof (char *);
70 for (i = 1; i < isids_len; i++)
71 initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]);
72
73 fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
74 fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");
75
76 for (i = 0; secclass_map[i].name; i++) {
77 struct security_class_mapping *map = &secclass_map[i];
78 fprintf(fout, "#define SECCLASS_%-39s %2d\n", map->name, i+1);
79 }
80
81 fprintf(fout, "\n");
82
83 for (i = 1; i < isids_len; i++) {
84 const char *s = initial_sid_to_string[i];
85 fprintf(fout, "#define SECINITSID_%-39s %2d\n", s, i);
86 }
87 fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
88 fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
89 fprintf(fout, "{\n");
90 fprintf(fout, "\tbool sock = false;\n\n");
91 fprintf(fout, "\tswitch (kern_tclass) {\n");
92 for (i = 0; secclass_map[i].name; i++) {
93 static char s[] = "SOCKET";
94 struct security_class_mapping *map = &secclass_map[i];
95 int len = strlen(map->name), l = sizeof(s) - 1;
96 if (len >= l && memcmp(map->name + len - l, s, l) == 0)
97 fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
98 }
99 fprintf(fout, "\t\tsock = true;\n");
100 fprintf(fout, "\t\tbreak;\n");
101 fprintf(fout, "\tdefault:\n");
102 fprintf(fout, "\t\tbreak;\n");
103 fprintf(fout, "\t}\n\n");
104 fprintf(fout, "\treturn sock;\n");
105 fprintf(fout, "}\n");
106
107 fprintf(fout, "\n#endif\n");
108 fclose(fout);
109
110 fout = fopen(argv[2], "w");
111 if (!fout) {
112 fprintf(stderr, "Could not open %s for writing: %s\n",
113 argv[2], strerror(errno));
114 exit(4);
115 }
116
117 fprintf(fout, "/* This file is automatically generated. Do not edit. */\n");
118 fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");
119
120 for (i = 0; secclass_map[i].name; i++) {
121 struct security_class_mapping *map = &secclass_map[i];
122 int len = strlen(map->name);
123 for (j = 0; map->perms[j]; j++) {
124 if (j >= 32) {
125 fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
126 map->name, map->perms[j]);
127 exit(5);
128 }
129 fprintf(fout, "#define %s__%-*s 0x%08xU\n", map->name,
130 39-len, map->perms[j], 1U<<j);
131 }
132 }
133
134 fprintf(fout, "\n#endif\n");
135 fclose(fout);
136 exit(0);
137}